hillchart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow step 3a ("Check open Pull Requests") instructs using the GitHub CLI (gh pr list / gh pr view) to fetch PR titles, bodies, reviews and commits — user-generated, potentially public GitHub content that the agent must read and that directly influences progress calculations and actions.